[certid] SRV-ID examples
Dan Winship <dan.winship@gmail.com> Sat, 20 November 2010 21:28 UTC
draft-saintandre-tls-server-id-check-11, section 3.2 says:

    A certificate for the IMAP-accessible email server at
    "mail.example.net" might include SRV-IDs of
    "_imap.mail.example.net" and "_imaps.mail.example.net" (see
    [EMAIL-SRV]) and a DNS-ID of "mail.example.net".

As I understand it, the SRV-ID is based on the source domain, not the derived domain, and so "_imap.mail.example.net" would only be correct if you were expecting clients to do a SRV lookup for "_imap._tcp.mail.example.net". But the more usual case would be doing a lookup for "_imap._tcp.example.net", in which case the corresponding SRV-ID would be "_imap.example.net". Right? So the example should say something like

    A certificate for the IMAP-accessible email server at
    "mail.example.net", which is pointed to by the SRV records
    "_imap._tcp.example.net" and "_imaps._tcp.example.net", might
    include SRV-IDs of "_imap.example.net" and "_imaps.example.net"
    (see [EMAIL-SRV]) and a DNS-ID of "mail.example.net".

Likewise for the XMPP example that follows it, and the corresponding examples in 4.2.2.

-- Dan
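The distinction drawn in the message above, as an added example that is not part of the original post or of the draft: a client builds its SRV-ID reference identifier from the source domain it was given, so a certificate whose SRV-IDs name the SRV target host does not match. The function names, the dict shape of the sample certificates, and the exact case-insensitive comparison (no wildcard handling) are assumptions made for illustration.

```python
def _norm(name: str) -> str:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower()


def srv_query_name(service: str, proto: str, source_domain: str) -> str:
    """Owner name of the SRV record the client looks up."""
    return f"_{service.lower()}._{proto.lower()}.{_norm(source_domain)}"


def srv_id_reference(service: str, source_domain: str) -> str:
    """SRV-ID the client expects in the certificate: _service.source-domain.

    The protocol label (_tcp) and the SRV target host play no part in it.
    """
    return f"_{service.lower()}.{_norm(source_domain)}"


def cert_matches(cert: dict, service: str, source_domain: str) -> bool:
    """True if any presented SRV-ID equals the client's reference SRV-ID."""
    wanted = srv_id_reference(service, source_domain)
    return any(_norm(presented) == wanted for presented in cert["srv_ids"])


# Constructed sample certificates for the server "mail.example.net".
# DRAFT_CERT follows the wording quoted from section 3.2 of the draft;
# SUGGESTED_CERT follows the wording proposed in the message.
DRAFT_CERT = {
    "srv_ids": ["_imap.mail.example.net", "_imaps.mail.example.net"],
    "dns_ids": ["mail.example.net"],
}
SUGGESTED_CERT = {
    "srv_ids": ["_imap.example.net", "_imaps.example.net"],
    "dns_ids": ["mail.example.net"],
}

if __name__ == "__main__":
    # The usual case: the user's source domain is example.net.
    print(srv_query_name("imap", "tcp", "example.net"))
    print(srv_id_reference("imap", "example.net"))
    print("draft cert matches:    ", cert_matches(DRAFT_CERT, "imap", "example.net"))
    print("suggested cert matches:", cert_matches(SUGGESTED_CERT, "imap", "example.net"))
    # The draft's SRV-IDs only fit a client whose source domain is the host itself.
    print("draft cert, source mail.example.net:",
          cert_matches(DRAFT_CERT, "imap", "mail.example.net"))
```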